1. Field of the Invention
The present invention relates to computer-based on-line commerce in which sellers and buyers of goods or services are linked via an electronic marketplace where deals are negotiated and consummated.
2. Description of the Related Art
As networks of linked computers become an increasingly more prevalent concept in everyday life, on-line interactions between buyers and sellers have become commonplace. Transactions between a business and an individual consumer are referred to as business-to-consumer (B2C) transactions and transactions between businesses (e.g., the sale of goods from a wholesaler to a manufacturer who uses the purchased goods to eventually sell a product on the retail level) are referred to as business-to-business (B2B) transactions.
As a result of this increased use of networked computers to transact business, the concept of the electronic marketplace, referred to herein as the “E-marketplace,” has emerged and become a standard form of conducting these business transactions. For a variety of reasons, the intermediary function provided by the E-marketplace is now an everyday part of transactional commerce.
On the consumer end, E-commerce sites such as E-Bay, half.com, Ubid.com, and AuctionPort.com provide an E-marketplace serving as a central location for negotiation of sales and/or auctions of products or services from a seller to a consumer (e.g., bidders). Likewise, B2B sellers, such as BizBuyer.com and FastParts.com, provide a similar intermediary service for business transactions between businesses.
Unlike a typical “brick-and-mortar” establishment where the buyer and seller will typically meet face-to-face and negotiate deals, and where the parties can gauge reactions by watching and listening, in an E-marketplace no such interaction occurs and, in fact, it may be desirable for the identity of the parties to the transaction to be concealed. For example, if a large company is involved in a transaction, a seller seeking to make a sale to a large corporation may attempt to charge a higher price simply because of the corporation's “deep pocket.” Similarly, a large corporation may sell products at a reduced price to a favored business partner while not wishing to give the same favorable terms to a first-time or occasional purchaser. In either case, it may be desirable for one or both of the parties to remain anonymous. However, even when a pseudonym is used for a transaction, existing methods of concealing identities fall short. For example, a bidder on E-Bay can be tracked across an auction by his or her user ID (often a pseudonym), and the bidder must also disclose his or her email address to vendors, in order to inquire about or to purchase an item. This information (user ID, email address, etc.) is the bidder's “bid history”. Once this information is revealed, a seller can use the bidder's bid history to make contact, e.g., by sending multiple, continual emails presenting offers of items the bidder has shown interest in from past bids.
Verification-of-identity issues are also of concern in an E-marketplace since, unlike a face-to-face transaction, an E-marketplace transaction is essentially “faceless.” However, under current E-marketplace scenarios, the only viable options available in the prior art are total security, where everything communicated between the buyer and seller is closed to all others, or the use of “public-key encryption”, which allows the verification of identity information to protect very limited, static, encrypted information (e.g., credit card numbers), but all other information is open to the public and linkable to the public-key holder. The “total security” option prevents public negotiation and other advantages offered by a multi-vendor marketplace. Since a primary benefit of an E-Marketplace is its open nature, which makes public negotiation available, security measures such as public-key certificates are typically employed in an E-marketplace environment.
As is well known, public key encryption systems involve the use of a publicly available public key in conjunction with a related private key available only to authorized persons or entities. Use of both keys is necessary to encrypt and decrypt the information.
Attribute certificates were developed to augment public-key certificates. An attribute certificate has the same structure as a public-key certificate and is, in fact, a type of public key certificate. In addition to containing the public-key of the certificate holder, however, it also contains information (attributes) of the holder, and does not contain identity information. Instead, it can be linked to the public key certificate of the holder. For example, attribute certificates have been used in the Health Care industry to identify the accreditation, certification(s) and role of a particular health care provider providing medical advice or information electronically. One of the benefits of using an attribute certificate is that unlike an identification certificate, which stays essentially the same all the time, attributes are dynamic and thus may change frequently (e.g., additional certifications may be obtained, or the health care provider may have different roles depending on a situation). Attribute certificates can be issued with a limited lifetime so that they expire automatically, eliminating the administrative burden of having to continually revoke and revise certificates each time there is a change in an attribute.
Applicant is unaware of any use of attribute certificates in connection with transactions in an E-marketplace or similar electronic transactional situation. Thus, a problem exists where customers and vendors may want a private relationship for a transaction, but wish to gain the advantage of the public negotiation offered by a multi-vender E-marketplace.